University of North Carolina at Chapel Hill Company CyberSecurity Posture
unc.edu
Carolina’s vibrant people and programs attest to the University’s long-standing place among leaders in higher education since it was chartered in 1789 and opened its doors for students in 1795 as the nation’s first public university. Situated in the beautiful college town of Chapel Hill, N.C., UNC has earned a reputation as one of the best universities in the world. Carolina prides itself on a strong, diverse student body, academic opportunities not found anywhere else, and a value unmatched by any public university in the nation. UNC-Chapel Hill's LinkedIn comments guidelines: Thank you for liking the LinkedIn page of the University of North Carolina at Chapel Hill. This page highlights information about the people and programs at Carolina. Consistent with UNC-Chapel Hill’s Policy on Prohibited Discrimination, Harassment and Related Misconduct, and the North Carolina Campus Free Speech Act, we encourage your comments and opinions as they relate to our posts. This page is actively monitored for relevance. Carolina reserves the right to remove any comments that are not related to the particular post, make unsupported accusations, contain ad-hominem attacks, use obscene language or images, are blatant spam, contain advertisements, or contain inappropriate personal information or sensitive information. Repeated violation of these guidelines or behavior that substantially disrupts the maintenance of this page could result in a user being blocked from the page. Thanks for keeping the page enjoyable for everyone. Go Tar Heels!
Company Details
university-of-north-carolina-at-chapel-hill
19,627
384,196
6113
unc.edu
299
UNI_1430455
Completed
UNCCH Risk Score (AI oriented)Between 750 and 799
UNCCH Global Score (TPRM)XXXX
Description: An estimated 3716 people were told by the university of north carolina at chapel hill school of medicine that their information had been the target of a cyberattack. which found that some workers were duped by a phishing scam and that their email accounts may have been compromised. UNC only mentions that they first confirmed the incident on September 13, 2019, but does not specify when they originally learned of it. Patients' names, dates of birth, and demographic information including residences, health insurance information, health information, Social Security numbers, financial account information, and/or credit card information were all possible components of the PII/PHI.
Description: UNC Health Care suffered a data breach incident that exposed 24,000 patients' information in December 2017. The exposed information includes names, addresses, phone numbers, employment status, employer names, birth dates, and Social Security numbers. The affected patients were offered free credit monitoring services for one year.
No incidents recorded for University of North Carolina at Chapel Hill in 2025.
No incidents recorded for University of North Carolina at Chapel Hill in 2025.
No incidents recorded for University of North Carolina at Chapel Hill in 2025.
UNCCH cyber incidents detection timeline including parent company and subsidiaries
Carolina’s vibrant people and programs attest to the University’s long-standing place among leaders in higher education since it was chartered in 1789 and opened its doors for students in 1795 as the nation’s first public university. Situated in the beautiful college town of Chapel Hill, N.C., UNC has earned a reputation as one of the best universities in the world. Carolina prides itself on a strong, diverse student body, academic opportunities not found anywhere else, and a value unmatched by any public university in the nation. UNC-Chapel Hill's LinkedIn comments guidelines: Thank you for liking the LinkedIn page of the University of North Carolina at Chapel Hill. This page highlights information about the people and programs at Carolina. Consistent with UNC-Chapel Hill’s Policy on Prohibited Discrimination, Harassment and Related Misconduct, and the North Carolina Campus Free Speech Act, we encourage your comments and opinions as they relate to our posts. This page is actively monitored for relevance. Carolina reserves the right to remove any comments that are not related to the particular post, make unsupported accusations, contain ad-hominem attacks, use obscene language or images, are blatant spam, contain advertisements, or contain inappropriate personal information or sensitive information. Repeated violation of these guidelines or behavior that substantially disrupts the maintenance of this page could result in a user being blocked from the page. Thanks for keeping the page enjoyable for everyone. Go Tar Heels!
The University of Cincinnati, top 5 university for co-op, offers students a balance of educational excellence and real-world experience. Since its founding in 1819, UC has been the source of many discoveries creating positive change for society, including the first antihistamine, the first co-op edu
The University of Alberta is one of Canada’s top teaching and research universities, with an international reputation for excellence across the humanities, sciences, creative arts, business, engineering, and health sciences. Home to more than 39,000 students and 15,000 faculty and staff, the univers
Baylor College of Medicine is a health sciences university that creates knowledge and applies science and discoveries to further education, healthcare and community service locally and globally. Located in the Texas Medical Center, Baylor College of Medicine has affiliations with eight teaching hosp
À l’Université d’Ottawa, la plus grande université bilingue au monde, la population étudiante peut choisir d’étudier en français, en anglais, ou dans les deux langues. Située au cœur de la capitale du Canada, pays du G8, notre université jouit d’un accès direct aux plus grandes institutions du pays.
Nuestra Misión es formar profesionales de excelencia a través de un modelo educativo basado en una visión integradora de los procesos formativos, que promueve el saber y el saber aplicado, con un enfoque preferentemente profesionalizante. Nuestros programas son pertinentes a las necesidades de co
Welcome to the official LinkedIn page for the University of Birmingham . We have been challenging and developing great minds for more than a century. Characterised by a tradition of innovation, research at the University has broken new ground, pushed forward the boundaries of knowledge and made an i
Founded in 1927, the University of Houston is the leading public research university in the vibrant international city of Houston. Each year, we educate more than 47,000 students in more than 250 undergraduate and graduate academic programs, on campus and online. UH awards over 10,000 degrees annual
UC Davis was founded in 1908 to serve the state of California. We do and we always will. Today, that seed planted years ago has grown into one of the world’s top universities. UC Davis has a community of faculty and staff who are leading the way in teaching, research, public service and patient car
As the largest university in one of the nation’s most iconic cities, Temple educates diverse future leaders from across Philadelphia, the country and the world who share a common drive to learn, prepare for their careers and make a real impact. Founded as a night school by Russell Conwell in 1884, T
.png)
The new strategic plan will ensure that Carolina's research makes even greater impacts, says Penny Gordon-Larsen.
As Wyoming aspires to be an energy powerhouse, a new generation of cybersecurity defenders is training in Wyoming and at the Idaho National Lab.
Rural hospital cybersecurity funding may be at risk as Medicaid cuts threaten the viability of already resource-strapped rural healthcare facilities.
Explore the latest strategies from higher education institutions and how they're creating AI-ready campuses with Microsoft AI solutions.
Three years after the University of Arkansas at Little Rock enrolled its first cohort of teachers in a graduate certificate program for...
Explore Charlotte's burgeoning cybersecurity job market for 2025, highlighting growth areas, top roles, and educational opportunities in...
For the 12th year in a row, MET has been ranked among the best graduate online programs in the nation by @USNews, particularly in the realms of criminal...
This agreement follows various Microsoft challenges with cybersecurity in its work with the federal government.
Data from the North Carolina's student and teacher information system — containing personal and private information about the state's...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of University of North Carolina at Chapel Hill is http://unc.edu.
According to Rankiteo, University of North Carolina at Chapel Hill’s AI-generated cybersecurity score is 765, reflecting their Fair security posture.
According to Rankiteo, University of North Carolina at Chapel Hill currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, University of North Carolina at Chapel Hill is not certified under SOC 2 Type 1.
According to Rankiteo, University of North Carolina at Chapel Hill does not hold a SOC 2 Type 2 certification.
According to Rankiteo, University of North Carolina at Chapel Hill is not listed as GDPR compliant.
According to Rankiteo, University of North Carolina at Chapel Hill does not currently maintain PCI DSS compliance.
According to Rankiteo, University of North Carolina at Chapel Hill is not compliant with HIPAA regulations.
According to Rankiteo,University of North Carolina at Chapel Hill is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
University of North Carolina at Chapel Hill operates primarily in the Higher Education industry.
University of North Carolina at Chapel Hill employs approximately 19,627 people worldwide.
University of North Carolina at Chapel Hill presently has no subsidiaries across any sectors.
University of North Carolina at Chapel Hill’s official LinkedIn profile has approximately 384,196 followers.
University of North Carolina at Chapel Hill is classified under the NAICS code 6113, which corresponds to Colleges, Universities, and Professional Schools.
No, University of North Carolina at Chapel Hill does not have a profile on Crunchbase.
Yes, University of North Carolina at Chapel Hill maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/university-of-north-carolina-at-chapel-hill.
As of November 27, 2025, Rankiteo reports that University of North Carolina at Chapel Hill has experienced 2 cybersecurity incidents.
University of North Carolina at Chapel Hill has an estimated 14,028 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak.
Title: UNC Health Care Data Breach
Description: UNC Health Care suffered a data breach incident that exposed 24,000 patients' information in December 2017. The exposed information includes names, addresses, phone numbers, employment status, employer names, birth dates, and Social Security numbers. The affected patients were offered free credit monitoring services for one year.
Type: Data Breach
Title: Phishing Attack on University of North Carolina at Chapel Hill School of Medicine
Description: An estimated 3716 people were told by the University of North Carolina at Chapel Hill School of Medicine that their information had been the target of a cyberattack, which found that some workers were duped by a phishing scam and that their email accounts may have been compromised. UNC only mentions that they first confirmed the incident on September 13, 2019, but does not specify when they originally learned of it. Patients' names, dates of birth, and demographic information including residences, health insurance information, health information, Social Security numbers, financial account information, and/or credit card information were all possible components of the PII/PHI.
Date Publicly Disclosed: 2019-09-13
Type: Phishing
Attack Vector: Phishing Email
Vulnerability Exploited: Human Error
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing Email.
Data Compromised: Names, Addresses, Phone numbers, Employment status, Employer names, Birth dates, Social security numbers
Data Compromised: Patients' names, Dates of birth, Demographic information, Health insurance information, Health information, Social security numbers, Financial account information, Credit card information
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Addresses, Phone Numbers, Employment Status, Employer Names, Birth Dates, Social Security Numbers, , Pii, Phi and .
Entity Name: UNC Health Care
Entity Type: Healthcare
Industry: Healthcare
Customers Affected: 24000
Entity Name: University of North Carolina at Chapel Hill School of Medicine
Entity Type: Educational Institution
Industry: Education
Location: Chapel Hill, North Carolina
Customers Affected: 3716
Type of Data Compromised: Names, Addresses, Phone numbers, Employment status, Employer names, Birth dates, Social security numbers
Number of Records Exposed: 24000
Sensitivity of Data: High
Type of Data Compromised: Pii, Phi
Number of Records Exposed: 3716
Sensitivity of Data: High
Personally Identifiable Information: Patients' namesDates of birthDemographic informationHealth insurance informationHealth informationSocial Security numbersFinancial account informationCredit card information
Source: University of North Carolina at Chapel Hill School of Medicine
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: University of North Carolina at Chapel Hill School of Medicine.
Entry Point: Phishing Email
Root Causes: Human Error
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2019-09-13.
Most Significant Data Compromised: The most significant data compromised in an incident were names, addresses, phone numbers, employment status, employer names, birth dates, Social Security numbers, , Patients' names, Dates of birth, Demographic information, Health insurance information, Health information, Social Security numbers, Financial account information, Credit card information and .
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Health insurance information, employment status, Credit card information, birth dates, Demographic information, names, addresses, phone numbers, Financial account information, Dates of birth, Social Security numbers, Health information, Patients' names and employer names.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 617.0.
Most Recent Source: The most recent source of information about an incident is University of North Carolina at Chapel Hill School of Medicine.
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Phishing Email.
.png)
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid